Will HestiaCP overwrite this?

Hi,
If you’ve seen my posts earlier you will know I have been trying to get HestiaCP to set up Nginx to proxy to 8085 which is listened to on Apache.

The templates I made generate these .conf files
(I had to make a blank template as they seem to need pairs of .tmp and .stmp)

HERE IS THE NGINX .CONF
/home/dave/conf/web/gldn.page/nginx.conf

server {
    listen      78.110.163.102:80;
    server_name gldn.page *.gldn.page;

    return 301 https://$host$request_uri;

}

server {
    listen      78.110.163.102:443 ssl http2;
    server_name gldn.page *.gldn.page;
    ssl_certificate      /etc/letsencrypt/live/gldn.page/cert.pem;
    ssl_certificate_key  /etc/letsencrypt/live/gldn.page/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    error_log  /var/log/apache2/domains/gldn.page.error.log error;

    include /home/dave/conf/web/gldn.page/nginx.hsts.conf*;

    location / {
        proxy_pass      http://127.0.0.1:8085;
        location ~* ^.+\.(jpg|gif|bmp|ico|svg|tif|tiff|css|js|htm|html|ttf|otf|webp|woff|txt|csv|rtf|doc|docx|xls|xlsx|ppt|pptx|odf|odp|ods|odt|pdf|psd|ai|eot|eps|ps|zip|tar|tgz|gz|rar|bz2|7z|aac|m4a|mp3|mp4|ogg|wav|wma|3gp|avi|flv|m4v|mkv|mov|mpeg|mpg|wmv|exe|iso|dmg|swf)$ {
            root           /home/dave/web/gldn.page/public_html;
            access_log     /var/log/apache2/domains/gldn.page.log combined;
            access_log     /var/log/apache2/domains/gldn.page.bytes bytes;
            expires        max;
            try_files      $uri @fallback;
        }
    }

    location /error/ {
        alias   /home/dave/web/gldn.page/document_errors/;
    }

    location @fallback {
        proxy_pass      https://78.110.163.102:8443;
    }

    location ~ /\.(?!well-known\/|file) {
       deny all;
       return 404;
    }

    proxy_hide_header Upgrade;

    include /home/dave/conf/web/gldn.page/nginx.ssl.conf_*;
}

HERE IS THE APACHE .CONF
/home/dave/conf/web/gldn.page/apache2.conf

<VirtualHost 127.0.0.1:8085>

    ServerName localhost

    DocumentRoot /home/dave/web/gldn.page/public_html
    ScriptAlias /cgi-bin/ /home/dave/web/gldn.page/cgi-bin/
    Alias /vstats/ /home/dave/web/gldn.page/stats/
    Alias /error/ /home/dave/web/gldn.page/document_errors/
    #SuexecUserGroup dave dave
    CustomLog /var/log/apache2/domains/gldn.page.bytes bytes
    CustomLog /var/log/apache2/domains/gldn.page.log combined
    ErrorLog /var/log/apache2/domains/gldn.page.error.log

    IncludeOptional /home/dave/conf/web/gldn.page/apache2.forcessl.conf*

    <Directory /home/dave/web/gldn.page/stats>
        AllowOverride All
    </Directory>
    <Directory /home/dave/web/gldn.page/public_html>
        AllowOverride All
        Options +Includes -Indexes +ExecCGI
    </Directory>

    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php8.0-fpm-gldn.page.sock|fcgi://localhost"
    </FilesMatch>
    SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0

    IncludeOptional /home/dave/conf/web/gldn.page/apache2.conf_*
    IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>

Now I also opened the firewall which uses iptables

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-HESTIA  tcp  --  anywhere             anywhere             tcp dpt:8083
fail2ban-MAIL  tcp  --  anywhere             anywhere             multiport dports smtp,submissions,submission,pop3,pop3s,imap2,imaps
fail2ban-FTP  tcp  --  anywhere             anywhere             tcp dpt:ftp
fail2ban-SSH  tcp  --  anywhere             anywhere             tcp dpt:ssh
fail2ban-RECIDIVE  tcp  --  anywhere             anywhere             multiport dports tcpmux:65535
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  78-110-163-102.as42831.net  anywhere
ACCEPT     all  --  server2.expressresponse.net  anywhere
ACCEPT     all  --  server1.expressresponse.net  anywhere
ACCEPT     all  --  localhost            anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8085
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2525
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2020
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             multiport dports http,https
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ftp,12000:12100
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain

So you can see it has opened the port.

So, port 8085 appears open?

And yet ….

# telnet localhost 8085
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

AND …

# ss -tnlp | grep apache2
LISTEN    0         511           94.46.186.222:8443            0.0.0.0:*        users:(("apache2",pid=74117,fd=8),("apache2",pid=74116,fd=8),("apache2",pid=74115,fd=8),("apache2",pid=3435,fd=8))
LISTEN    0         511          78.157.211.222:8443            0.0.0.0:*        users:(("apache2",pid=74117,fd=6),("apache2",pid=74116,fd=6),("apache2",pid=74115,fd=6),("apache2",pid=3435,fd=6))
LISTEN    0         511          78.110.163.102:8443            0.0.0.0:*        users:(("apache2",pid=74117,fd=4),("apache2",pid=74116,fd=4),("apache2",pid=74115,fd=4),("apache2",pid=3435,fd=4))
LISTEN    0         511           94.46.186.222:8080            0.0.0.0:*        users:(("apache2",pid=74117,fd=9),("apache2",pid=74116,fd=9),("apache2",pid=74115,fd=9),("apache2",pid=3435,fd=9))
LISTEN    0         511          78.157.211.222:8080            0.0.0.0:*        users:(("apache2",pid=74117,fd=7),("apache2",pid=74116,fd=7),("apache2",pid=74115,fd=7),("apache2",pid=3435,fd=7))
LISTEN    0         511          78.110.163.102:8080            0.0.0.0:*        users:(("apache2",pid=74117,fd=5),("apache2",pid=74116,fd=5),("apache2",pid=74115,fd=5),("apache2",pid=3435,fd=5))
LISTEN    0         511               127.0.0.1:8081            0.0.0.0:*        users:(("apache2",pid=74117,fd=3),("apache2",pid=74116,fd=3),("apache2",pid=74115,fd=3),("apache2",pid=3435,fd=3))

Well I looked at the “ports.conf”

Which just had “# Powered by hestia”

I have added a line:

# Powered by hestia
listen 8085

And now it all works 🙂

# ss -tnlp | grep apache2
LISTEN    0         511           94.46.186.222:8443            0.0.0.0:*        users:(("apache2",pid=453977,fd=10),("apache2",pid=453976,fd=10),("apache2",pid=453975,fd=10),("apache2",pid=453974,fd=10))
LISTEN    0         511          78.157.211.222:8443            0.0.0.0:*        users:(("apache2",pid=453977,fd=8),("apache2",pid=453976,fd=8),("apache2",pid=453975,fd=8),("apache2",pid=453974,fd=8))
LISTEN    0         511          78.110.163.102:8443            0.0.0.0:*        users:(("apache2",pid=453977,fd=6),("apache2",pid=453976,fd=6),("apache2",pid=453975,fd=6),("apache2",pid=453974,fd=6))
LISTEN    0         511           94.46.186.222:8080            0.0.0.0:*        users:(("apache2",pid=453977,fd=11),("apache2",pid=453976,fd=11),("apache2",pid=453975,fd=11),("apache2",pid=453974,fd=11))
LISTEN    0         511          78.157.211.222:8080            0.0.0.0:*        users:(("apache2",pid=453977,fd=9),("apache2",pid=453976,fd=9),("apache2",pid=453975,fd=9),("apache2",pid=453974,fd=9))
LISTEN    0         511          78.110.163.102:8080            0.0.0.0:*        users:(("apache2",pid=453977,fd=7),("apache2",pid=453976,fd=7),("apache2",pid=453975,fd=7),("apache2",pid=453974,fd=7))
LISTEN    0         511               127.0.0.1:8081            0.0.0.0:*        users:(("apache2",pid=453977,fd=3),("apache2",pid=453976,fd=3),("apache2",pid=453975,fd=3),("apache2",pid=453974,fd=3))
LISTEN    0         511                       *:8085                  *:*        users:(("apache2",pid=453977,fd=5),("apache2",pid=453976,fd=5),("apache2",pid=453975,fd=5),("apache2",pid=453974,fd=5))

Question: Will HestiaCP overwrite the /etc/apache2/ports.conf file?

If so, is there a better solution using HestiaCP rather than having to do this hack?

Thanks

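The second `ss` listing in the post shows `listen 8085` binding Apache to `*:8085`, while the vhost and the nginx `proxy_pass` only use `127.0.0.1:8085` and the iptables list accepts 8085 from anywhere. As an added example (not part of the original post or of HestiaCP), this script classifies how a backend port is bound from `ss -tnl` output; the function name `classify_listener` and the loopback-only sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads `ss -tnl` / `ss -tnlp` output on stdin and prints how
# the given port is bound:
#   loopback - only 127.0.0.0/8 or ::1 (reachable by the local proxy only)
#   exposed  - wildcard or routable address (reachable if the firewall allows)
#   closed   - nothing is listening on that port
classify_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                       # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next      # port is the text after the last ":"
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", host)       # strip brackets around IPv6 literals
            seen = 1
            if (host !~ /^127\./ && host != "::1") exposed = 1
        }
        END {
            if (!seen)        print "closed"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Sample input abbreviated from the ss output in the post (process column dropped).
BEFORE='LISTEN 0 511 78.110.163.102:8080 0.0.0.0:*
LISTEN 0 511 127.0.0.1:8081 0.0.0.0:*'
AFTER="$BEFORE"'
LISTEN 0 511 *:8085 *:*'
# Constructed line (assumption): what a loopback-only bind of 8085 would look like.
LOOPBACK_ONLY="$BEFORE"'
LISTEN 0 511 127.0.0.1:8085 0.0.0.0:*'

printf 'before edit:   %s\n' "$(printf '%s\n' "$BEFORE" | classify_listener 8085)"
printf 'listen 8085:   %s\n' "$(printf '%s\n' "$AFTER" | classify_listener 8085)"
printf 'loopback bind: %s\n' "$(printf '%s\n' "$LOOPBACK_ONLY" | classify_listener 8085)"
```

On a live host, pipe `ss -tnl` into `classify_listener 8085`. Apache's `Listen` directive also accepts an address, so `Listen 127.0.0.1:8085` is the form that yields the loopback-only bind.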

Yes create a template for it

deleted …

What does that mean?

Is there a template for ports???

I have shown the templates I wrote

Please explain a bit more what you mean.
Thanks

For ports.conf we will never overwrite.

Any *.conf in /home/user/conf/ we do overwrite it


Thanks
